A key purpose of @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses against all known attack vectors. But since it is also valuable to security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and to others at their organizations who hope to stay current with the offensive methods in use.

TOP VULNERABILITY THIS WEEK: A cross-site scripting vulnerability was
discovered in the popular WordPress Wp-Banners-Lite plugin. Given the
popularity of using compromised WordPress installations to host
malicious content, and the hundreds of thousands of vulnerable sites
seen via Google queries at the time of publication, this vulnerability
is likely to be used widely by nefarious actors looking to cover their
tracks.

***************** Sponsored By SANS ****************

Attend the SANS 20 Critical Security Control Briefing, Thursday, April
18, 2013 in Washington, DC at the JW Marriott. Tony Sager and John
Pescatore will provide an overview of the 20CC, showcase the 20CC
In Action, and also moderate a Vendor Panel. Event is free to
Government attendees. For more information go to http://www.sans.org/info/128262

Title: WordPress Wp-Banners-Lite plugin cross-site scripting
Description: A trivially exploitable cross-site scripting vulnerability
was discovered this week in the popular WordPress Wp-Banners-Lite
plugin, with details released on the Full-Disclosure mailing list.
Administrators of vulnerable systems are urged to patch immediately;
however, given the huge numbers of neglected, vulnerable WordPress
installations in the wild, and their popularity as launching points for
other attacks, system administrators should be more concerned about
compromised sites being used to attack their users. In particularly
restrictive environments, administrators should consider blocking all
WordPress hosted sites.
Reference: http://seclists.org/fulldisclosure/2013/Mar/209
Snort SID: 26263
ClamAV: N/A

Title: MongoDB command injection vulnerability
Description: A fully functional exploit for a newly discovered MongoDB
command injection vulnerability was released this week. The issue stems
from improper filtering of the "nativeHelper.apply" method, originally
created by SpiderMonkey and imported by MongoDB. No patch is currently
available; system administrators are urged to filter the command
wherever possible.
Reference: http://cxsecurity.com/issue/WLB-2013030212
Snort SID: 26262
ClamAV: N/A
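The item above advises filtering the command until a patch ships. The following is an added example (not part of the @RISK newsletter and not MongoDB project code) showing one way an application can gate query documents before they reach the database: it walks the document and rejects anything that would run server-side JavaScript ($where) or that mentions nativeHelper.apply in a string value. The operator set and the regular expression are assumptions chosen for this example; a stronger control, where the deployment allows it, is disabling server-side scripting on mongod altogether (the --noscripting option).

```python
import re

# Pattern for the method named in the advisory; spacing and case tolerated.
NATIVE_HELPER = re.compile(r"nativeHelper\s*\.\s*apply", re.IGNORECASE)

# Query operators that evaluate server-side JavaScript (assumed set for this example).
SERVER_SIDE_JS_OPERATORS = {"$where"}


class UnsafeQuery(ValueError):
    """Raised when a query document would run server-side JavaScript."""


def check_query(doc, path="$"):
    """Recursively validate a query document.

    Raises UnsafeQuery at the first dict key that is a server-side JS operator
    or the first string value that references nativeHelper.apply.
    Returns the document unchanged when it passes, so callers can chain it.
    """
    if isinstance(doc, dict):
        for key, value in doc.items():
            if key in SERVER_SIDE_JS_OPERATORS:
                raise UnsafeQuery(f"{path}.{key}: server-side JavaScript operator not allowed")
            check_query(value, f"{path}.{key}")
    elif isinstance(doc, (list, tuple)):
        for index, item in enumerate(doc):
            check_query(item, f"{path}[{index}]")
    elif isinstance(doc, str):
        if NATIVE_HELPER.search(doc):
            raise UnsafeQuery(f"{path}: reference to nativeHelper.apply")
    # ints, floats, None, bools and other scalars carry no code; accepted as-is
    return doc


def is_safe(doc):
    """Boolean wrapper around check_query for use in tests and request filters."""
    try:
        check_query(doc)
        return True
    except UnsafeQuery:
        return False


if __name__ == "__main__":
    # Constructed sample documents, not taken from real traffic.
    samples = [
        {"username": "alice", "age": {"$gt": 21}},
        {"$where": "this.balance > 100"},
        {"tags": {"$in": ["news", "nativeHelper.apply(...)"]}},
        {"filter": [{"$or": [{"a": 1}, {"$where": "true"}]}]},
    ]
    for sample in samples:
        try:
            check_query(sample)
            print("accepted:", sample)
        except UnsafeQuery as err:
            print("rejected:", err)
```

This is a front-door filter for the application tier only; it does not inspect traffic that reaches mongod from other clients, so it complements rather than replaces network restrictions on the database port and the server-side scripting switch.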

Title: Massive DDoS against Spamhaus reaches 300Gbps
Description: Following a dispute between Dutch hosting provider
Cyberbunker and anti-spam group Spamhaus, the latter suffered what
initially began as a relatively small - 10 Gbps - DDoS, which escalated
over the course of last week to a 300Gbps flood. Anti-DDoS provider
CloudFlare noted that the attackers - who have not been conclusively
linked to Cyberbunker - were able to generate such huge volumes of
traffic by using open DNS resolvers, which can respond to small, spoofed
requests with massive floods of data. As a result of this attack - one
of the largest ever on the Internet to date - a new project has been
announced to locate and fix all of the approximately 27 million such
systems on the Internet today.
Reference: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
http://openresolverproject.org/
Snort SID: Rate-based preprocessor
ClamAV: N/A
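The item above explains that open resolvers turn small spoofed requests into large responses. The following is an added example (not from the newsletter, CloudFlare or the Open Resolver Project) of the two checks a resolver operator would want to run over their own query logs: whether the resolver is answering recursive queries for clients outside the networks it is meant to serve, and which clients are receiving an abnormally high response-to-request byte ratio. The log format, the 10.0.0.0/8 client range and the ratio threshold are assumptions constructed for the example; the sample lines are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (not real traffic). One exchange per line:
#   client_ip resolver_ip qtype flags req_bytes resp_bytes
SAMPLE_LOG = """\
10.0.0.5 10.0.0.53 A RD,RA 60 128
10.0.0.7 10.0.0.53 AAAA RD,RA 62 140
198.51.100.9 10.0.0.53 ANY RD,RA 64 3200
198.51.100.9 10.0.0.53 ANY RD,RA 64 3200
203.0.113.77 10.0.0.53 TXT RD,RA 58 2900
10.0.0.9 10.0.0.53 MX RD,RA 61 210
"""

# Networks this resolver is supposed to serve (assumption for the example).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]

# Response/request byte ratio above which a client is flagged (assumed value).
AMPLIFICATION_THRESHOLD = 10.0


def parse_line(line):
    """Split one whitespace-separated log line into a record dict."""
    client, resolver, qtype, flags, req, resp = line.split()
    return {
        "client": ipaddress.ip_address(client),
        "resolver": resolver,
        "qtype": qtype,
        "flags": set(flags.split(",")),
        "req": int(req),
        "resp": int(resp),
    }


def is_open_resolver_response(rec):
    """True when a recursive answer (RD requested, RA granted) went to an outside client."""
    recursive = "RD" in rec["flags"] and "RA" in rec["flags"]
    inside = any(rec["client"] in net for net in ALLOWED_CLIENTS)
    return recursive and not inside


def analyze(log_text):
    """Return outside clients served recursively and clients with high amplification."""
    outside_counts = defaultdict(int)          # client -> recursive answers served
    byte_totals = defaultdict(lambda: [0, 0])  # client -> [request bytes, response bytes]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        client = str(rec["client"])
        if is_open_resolver_response(rec):
            outside_counts[client] += 1
        byte_totals[client][0] += rec["req"]
        byte_totals[client][1] += rec["resp"]

    amplified = []
    for client, (req_bytes, resp_bytes) in byte_totals.items():
        ratio = resp_bytes / req_bytes
        if ratio >= AMPLIFICATION_THRESHOLD:
            amplified.append((client, round(ratio, 1)))

    return {
        "open_resolver_clients": dict(outside_counts),
        "amplification": sorted(amplified),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for client, count in report["open_resolver_clients"].items():
        print(f"recursion served to outside client {client}: {count} answers")
    for client, ratio in report["amplification"]:
        print(f"client {client} receiving {ratio}x more bytes than it sends")
```

A non-empty open_resolver_clients result means the server is part of the population the Open Resolver Project is trying to shrink; the usual fix is to limit recursion to the networks you serve (for BIND, the allow-recursion option) and, where the server must stay authoritative-only, to add response rate limiting. The amplification list is the second half of the picture: in a reflection attack the flagged "clients" are the spoofed victims, so they are the addresses to notify rather than to block.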

This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.

(c) 2013. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account